1. Field of the Invention
This invention pertains in general to computer security and administration and in particular to detection of anomalous system conditions through analysis of a computer file system.
2. Description of the Related Art
Modern computer systems are often susceptible to a number of different problems, which are exacerbated by the increasing complexity of those systems. One such problem relates to system security. There exists a wide variety of security threats posed by malicious software—collectively referred to as “malware”—that secretly performs operations not desired by the computer user. Such operations include theft of important data (e.g., financial records), modification or destruction of system or user files, execution of “backdoor” programs, and the like. Unfortunately, malware proves difficult to detect. In particular, the increased incidence of polymorphic viruses and other malware has made detection using existing signature-based detection systems increasingly difficult.
Another problem of modern computer systems relates to system administration. Even absent malicious intent, applications—such as installers or system tools—may erroneously misplace data or system components, leading to incorrect functioning of the applications/components involved. Given the size and complexity of the file hierarchies associated with modern applications, however, as well as the sheer volume of different applications available, system administrators and other users lack the knowledge to detect such misconfigurations.